HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing
ABSTRACT:
Cloud computing has emerged as one of the most influential paradigms in the IT industry in recent years. Since this new computing technology requires users to entrust their valuable data to cloud providers, there have been increasing security and privacy concerns on outsourced data. Several schemes employing attribute-based encryption (ABE) have been proposed for access control of outsourced data in cloud computing; however, most of them suffer from inflexibility in implementing complex access control policies. In order to realize scalable, flexible, and fine-grained access control of outsourced data in cloud computing, in this paper, we propose hierarchical attribute-set-based encryption (HASBE) by extending ciphertext-policy attribute-set-based encryption (ASBE) with a hierarchical structure of users. The proposed scheme not only achieves scalability due to its hierarchical structure, but also inherits flexibility and fine-grained access control in supporting compound attributes of ASBE. In addition, HASBE employs multiple value assignments for access expiration time to deal with user revocation more efficiently than existing schemes. We formally prove the security of HASBE based on security of the ciphertext-policy attribute-based encryption (CP-ABE) scheme by Bethencourt et al. and analyze its performance and computational complexity. We implement our scheme and show that it is both efficient and
ARCHITECTURE:
EXISTING SYSTEM:
Existing solutions apply cryptographic methods, disclosing data decryption keys only to authorized users.
These solutions inevitably introduce a heavy computation overhead on the data owner for key distribution and data management when fine-grained data access control is desired, and thus do not scale well.
Software updates/patches: these could change security settings, assigning privileges too low or, even more alarmingly, too high, allowing access to your data by other parties.
Security concerns: experts claim that their clouds are 100% secure, but it will not be their head on the block when things go awry. It's often stated that cloud computing security is better than most enterprises. Also, how do you decide which data to handle in the cloud and which to keep on internal systems? Once decided, keeping it secure could well be a full-time task.
Control: your data/system is controlled by a third party. Data, once in the cloud, is always in the cloud! Can you be sure that once you delete data from your cloud account it will not exist any more, or will traces remain in the cloud?
PROPOSED SYSTEM:
The proposed system addresses this challenging open issue by, on one hand, defining and enforcing access policies based on data attributes, and, on the other hand, allowing the data owner to delegate most of the computation tasks involved in fine-grained data access control to untrusted cloud servers without disclosing the underlying data contents.
More specifically, we associate each data file with a set of attributes, and assign each user an expressive access structure which is defined over these attributes. To enforce this kind of access control, we utilize KP-ABE to escort data encryption keys of data files. Such construction enables us to immediately enjoy fine-grainedness of access control. However, this construction, if deployed alone,
MODULES:
MODULES DESCRIPTION:
Data Owner Module
In this module, the data owner uploads data to the cloud server. For security, the data owner encrypts the data file and then stores it in the cloud. The data owner can change the policy over data files by updating the expiration time. The data owner is capable of manipulating the encrypted data file and can set the access privileges on it.
Data Consumer Module
In this module, the user can only access the data file with the encrypted key if the user has the privilege to access the file. At the user level, all privileges are given by the domain authority, and data users are controlled by the domain authority only. Users may try to access data files either within or outside the scope of their access privileges, so malicious users may collude with each other to get sensitive files beyond their privileges.
Attribute-Based Key Generation Module
The trusted authority is responsible for generating and distributing system parameters and root master keys as well as authorizing the top-level domain authorities. A domain authority is responsible for delegating keys to subordinate domain authorities at the next level or users in its domain. Each user in the system is assigned a key structure which specifies the attributes associated with the user's decryption key. The trusted authority calls the algorithm to create system public parameters PK and master key MK. PK will be made public to other parties and MK will be kept secret. When a user sends a request for data files stored on the cloud, the cloud sends the corresponding ciphertexts to the user. The user decrypts them by first calling decrypt(CT,SK) to obtain DEK and then decrypts the data files using DEK.
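The access decision behind decrypt(CT,SK) in the modules above, as an added Python example that is not part of the original synopsis or the HASBE authors' code. It models only the policy and expiration-time logic, not the pairing-based cryptography; the attribute names, dates, the subset rule for delegation and the key-versus-policy expiration comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

@dataclass(frozen=True)
class Leaf:
    attribute: str                 # constructed names such as "role:doctor"

@dataclass(frozen=True)
class Gate:
    threshold: int                 # k-of-n: AND is n-of-n, OR is 1-of-n
    children: tuple

@dataclass(frozen=True)
class Policy:                      # what the data owner attaches to a ciphertext
    tree: Gate
    expiration_time: date          # owner raises this to lock out older keys

@dataclass(frozen=True)
class KeyStructure:                # attributes bound to one decryption key
    attributes: frozenset
    expiration_time: date

def delegate(parent, attributes, expiration_time):
    """Domain authority issues a key; modelled as never exceeding its own."""
    attrs = frozenset(attributes)
    if not attrs <= parent.attributes or expiration_time > parent.expiration_time:
        raise PermissionError("delegated key exceeds the issuing authority's key")
    return KeyStructure(attrs, expiration_time)

def satisfies(node, attrs):
    """Evaluate the threshold tree against one key's attribute set."""
    if isinstance(node, Leaf):
        return node.attribute in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.threshold

def can_decrypt(policy, key):
    """True when decrypt(CT, SK) would release the DEK in this model."""
    return (key.expiration_time >= policy.expiration_time
            and satisfies(policy.tree, key.attributes))

# Constructed sample data: one domain authority, two users, one file policy.
DOMAIN = KeyStructure(frozenset({"role:doctor", "role:nurse", "dept:cardiology",
                                 "dept:icu"}), date(2030, 12, 31))
ALICE = delegate(DOMAIN, {"role:doctor", "dept:cardiology"}, date(2026, 6, 30))
BOB = delegate(DOMAIN, {"role:nurse", "dept:cardiology"}, date(2026, 6, 30))
TREE = Gate(2, (Leaf("role:doctor"),
                Gate(1, (Leaf("dept:cardiology"), Leaf("dept:icu")))))
POLICY = Policy(TREE, date(2026, 1, 1))
REVOKING = Policy(TREE, date(2026, 7, 1))   # owner updated the expiration time

if __name__ == "__main__":
    for name, key in (("alice", ALICE), ("bob", BOB)):
        print(name, can_decrypt(POLICY, key), can_decrypt(REVOKING, key))
```

Each key is evaluated on its own, so pooling attributes from two keys never enters the decision; in the real scheme that binding is enforced by the key material rather than by an application check.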
: Pentium IV 2.4 GHz. : 40 GB. : 1.44 Mb. : 15 VGA Colour. : Logitech. : 512 Mb.
SOFTWARE REQUIREMENTS:
Operating system: Windows XP
Coding language: J2EE
Database: MySQL
REFERENCE:
Zhiguo Wan, Jun'e Liu, and Robert H. Deng, "HASBE: A Hierarchical Attribute-Based Solution for Flexible and Scalable Access Control in Cloud Computing," IEEE Transactions on Information Forensics and Security, Vol. 7, No. 2, April 2012.